slawek/vault
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Alloy configuration in README to include log level and tail_from_end setting for audit logs

Browse Source
This commit is contained in:
Sławek Koszewski
2026-01-18 17:27:38 +01:00
parent fe38e97e02
commit 2c9cb6df90
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
policies/README.md
View File

@@ -26,12 +26,15 @@ Add the following configuration to your Alloy setup:
```hcl ```hcl
loki.source.file "vault_audit_log" { loki.source.file "vault_audit_log" {
targets = [ targets = [
{"__path__" = "/var/log/vault/audit.log", "log_name" = "vault_audit"}, {"__path__" = "/var/log/vault/audit.log", "log_name" = "vault_audit", "level" = "info"},
] ]
forward_to = [loki.write.default.receiver] forward_to = [loki.write.default.receiver]
tail_from_end = true
} }
``` ```
> **Note:** `tail_from_end = true` ensures that only new log entries are read, preventing the ingestion of old lines/entries. It is (probably) required because the audit log file does not contain timestamps and only entry guids.
Check auditing configuration with: Check auditing configuration with:
```bash ```bash